In order to get a refresh token, you must first request the “offline_access” scope in your authorize request. Then, when you make the token request, with the authorization code returned back from that request, you will receive an ID Token, Access Token, AND Refresh Token. Only the Authorization Code is short lived at 300 seconds and it is NOT used to refresh tokens.
If you want to get a Refresh token for a SPA, you will need to enable the “Refresh token rotation” feature in your Org (found under Settings → Features if you have high enough admin permissions in your org) and enable “Refresh token” as an allowed grant for your specific application. More details here: Refresh token rotation | Okta Developer